Security Engineer - SAST & SCA (Application Security)

Intone Networks
San Jose, United States of America
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

San Jose, United States of America

Tech stack

Kubernetes Security
Java
JavaScript
JIRA
Azure
Bash
C++
Cloud Engineering
Continuous Integration
Github
Issue Tracking Systems
Python
Open Web Application Security
Powershell
Fortify (Software)
Secure Coding
Software Vulnerability Management
Scripting (Bash/Python/Go/Ruby)
Software Security
Veracode
GWAPT
Gitlab-ci
Tenable Nessus
Checkmarx
Terraform
Devsecops
Jenkins
Static Application Security Testing

Requirements

Required Qualifications Experience * 3-6+ years in Application Security, DevSecOps, or Secure Development * Hands-on experience with: o SAST and/or SCA tools in enterprise environments * Experience working closely with development teams and CI/CD pipelines Technical Skills * Strong knowledge of: OWASP Top 10 Secure coding practices (Java, Python, C/C++, JavaScript, etc.) * Experience with SAST tools such as: Checkmarx, Fortify, Veracode, CodeQL * Experience with SCA tools such as: Snyk, Black Duck, Mend, Dependabot DevSecOps & Automation * Familiarity with: CI/CD tools (GitHub Actions, Jenkins, GitLab CI, Azure DevOps) * Experience with: Scripting (Python, Bash, PowerShell) * Ability to: Automate workflows and integrate security into pipelines Vulnerability Management * Understanding of: CVSS scoring and risk prioritization Vulnerability tracking and remediation processes * Experience with: Jira or similar ticketing systems Preferred Qualifications * Certifications: CSSLP, GWAPT, OSCP (optional but valuable) Experience with: SBOM frameworks (CycloneDX, SPDX) Container security and dependency scanning Cloud-native application security * Familiarity with: Secrets scanning, IaC scanning tools (e.g., Terraform security)

Apply for this position